Skip to content

Commit c94d240

Browse files
ShogunPandaronagkumarak
authored
Import v2.x CVES (#183)
* http: verify chunk parameters * http: disable whitespace for special headers * Strict transfer encoding 2.1 (#162) * chore: Mark the series as unsupported. * chore: Refer to the latest version. Co-authored-by: Robert Nagy <ronagy@icloud.com> Co-authored-by: Akshay K <iit.akshay@gmail.com>
1 parent dd2b150 commit c94d240

13 files changed

Lines changed: 465 additions & 112 deletions

File tree

.github/workflows/ci.yaml

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -19,11 +19,12 @@ jobs:
1919
- name: Install clang for Windows
2020
if: runner.os == 'Windows'
2121
run: |
22-
Invoke-Expression (New-Object System.Net.WebClient).DownloadString('https://get.scoop.sh')
22+
iwr -useb get.scoop.sh -outfile 'install.ps1'
23+
.\install.ps1 -RunAsAdmin
2324
scoop install llvm --global
2425
2526
# Scoop modifies the PATH so we make the modified PATH global.
26-
echo "::set-env name=PATH::$env:PATH"
27+
echo $env:PATH >> $env:GITHUB_PATH
2728
2829
- name: Fetch code
2930
uses: actions/checkout@v2
@@ -45,7 +46,8 @@ jobs:
4546

4647
- name: Build libllhttp.a
4748
shell: bash
48-
run: make build/libllhttp.a
49+
run: |
50+
make build/libllhttp.a
4951
5052
test:
5153
name: Run tests
@@ -60,11 +62,12 @@ jobs:
6062
- name: Install clang for Windows
6163
if: runner.os == 'Windows'
6264
run: |
63-
Invoke-Expression (New-Object System.Net.WebClient).DownloadString('https://get.scoop.sh')
65+
iwr -useb get.scoop.sh -outfile 'install.ps1'
66+
.\install.ps1 -RunAsAdmin
6467
scoop install llvm --global
6568
6669
# Scoop modifies the PATH so we make the modified PATH global.
67-
echo "::set-env name=PATH::$env:PATH"
70+
echo $env:PATH >> $env:GITHUB_PATH
6871
6972
- name: Fetch code
7073
uses: actions/checkout@v2

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@
22

33
Port of [http_parser][0] to [llparse][1].
44

5+
**IMPORTANT: The 2.x series is discontinued and not maintained anymore. Update to the latest version of llhttp as soon as possible. The only exception is the 2.1.x series which will be supported until Node.js 14 goes End-Of-Life).**
6+
57
## Why?
68

79
Let's face it, [http_parser][0] is practically unmaintainable. Even

package-lock.json

Lines changed: 62 additions & 25 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -37,18 +37,18 @@
3737
"homepage": "https://github.com/nodejs/llhttp#readme",
3838
"devDependencies": {
3939
"@types/mocha": "^5.2.7",
40-
"@types/node": "^10.17.52",
40+
"@types/node": "^10.17.60",
4141
"llparse-dot": "^1.0.1",
42-
"llparse-test-fixture": "^5.0.1",
42+
"llparse-test-fixture": "^5.0.2",
4343
"mdgator": "^1.1.2",
4444
"mocha": "^7.2.0",
4545
"ts-node": "^7.0.1",
4646
"tslint": "^5.20.1",
47-
"typescript": "^3.9.9"
47+
"typescript": "^3.9.10"
4848
},
4949
"dependencies": {
5050
"@types/semver": "^5.5.0",
51-
"llparse": "^7.1.0",
51+
"llparse": "^7.1.1",
5252
"semver": "^5.7.1"
5353
}
5454
}

src/llhttp/constants.ts

Lines changed: 41 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -6,38 +6,40 @@ export type HTTPMode = 'loose' | 'strict';
66

77
export enum ERROR {
88
OK = 0,
9-
INTERNAL,
10-
STRICT,
11-
LF_EXPECTED,
12-
UNEXPECTED_CONTENT_LENGTH,
13-
CLOSED_CONNECTION,
14-
INVALID_METHOD,
15-
INVALID_URL,
16-
INVALID_CONSTANT,
17-
INVALID_VERSION,
18-
INVALID_HEADER_TOKEN,
19-
INVALID_CONTENT_LENGTH,
20-
INVALID_CHUNK_SIZE,
21-
INVALID_STATUS,
22-
INVALID_EOF_STATE,
23-
INVALID_TRANSFER_ENCODING,
24-
25-
CB_MESSAGE_BEGIN,
26-
CB_HEADERS_COMPLETE,
27-
CB_MESSAGE_COMPLETE,
28-
CB_CHUNK_HEADER,
29-
CB_CHUNK_COMPLETE,
30-
31-
PAUSED,
32-
PAUSED_UPGRADE,
33-
34-
USER,
9+
INTERNAL = 1,
10+
STRICT = 2,
11+
CR_EXPECTED = 25,
12+
LF_EXPECTED = 3,
13+
UNEXPECTED_CONTENT_LENGTH = 4,
14+
CLOSED_CONNECTION = 5,
15+
INVALID_METHOD = 6,
16+
INVALID_URL = 7,
17+
INVALID_CONSTANT = 8,
18+
INVALID_VERSION = 9,
19+
INVALID_HEADER_TOKEN = 10,
20+
INVALID_CONTENT_LENGTH = 11,
21+
INVALID_CHUNK_SIZE = 12,
22+
INVALID_STATUS = 13,
23+
INVALID_EOF_STATE = 14,
24+
INVALID_TRANSFER_ENCODING = 15,
25+
26+
CB_MESSAGE_BEGIN = 16,
27+
CB_HEADERS_COMPLETE = 17,
28+
CB_MESSAGE_COMPLETE = 18,
29+
CB_CHUNK_HEADER = 19,
30+
CB_CHUNK_COMPLETE = 20,
31+
32+
PAUSED = 21,
33+
PAUSED_UPGRADE = 22,
34+
// PAUSED_H2_UPGRADE = 23 in v6.x
35+
36+
USER = 24,
3537
}
3638

3739
export enum TYPE {
3840
BOTH = 0, // default
39-
REQUEST,
40-
RESPONSE,
41+
REQUEST = 1,
42+
RESPONSE = 2,
4143
}
4244

4345
export enum FLAGS {
@@ -187,8 +189,8 @@ Object.keys(METHOD_MAP).forEach((key) => {
187189

188190
export enum FINISH {
189191
SAFE = 0,
190-
SAFE_WITH_CB,
191-
UNSAFE,
192+
SAFE_WITH_CB = 1,
193+
UNSAFE = 2,
192194
}
193195

194196
// Internal
@@ -284,15 +286,15 @@ export const MINOR = MAJOR;
284286

285287
export enum HEADER_STATE {
286288
GENERAL = 0,
287-
CONNECTION,
288-
CONTENT_LENGTH,
289-
TRANSFER_ENCODING,
290-
UPGRADE,
291-
292-
CONNECTION_KEEP_ALIVE,
293-
CONNECTION_CLOSE,
294-
CONNECTION_UPGRADE,
295-
TRANSFER_ENCODING_CHUNKED,
289+
CONNECTION = 1,
290+
CONTENT_LENGTH = 2,
291+
TRANSFER_ENCODING = 3,
292+
UPGRADE = 4,
293+
294+
CONNECTION_KEEP_ALIVE = 5,
295+
CONNECTION_CLOSE = 6,
296+
CONNECTION_UPGRADE = 7,
297+
TRANSFER_ENCODING_CHUNKED = 8,
296298
}
297299

298300
export const SPECIAL_HEADERS = {

0 commit comments

Comments
 (0)